Cyber Intelligence Report – July 15, 2014

As Operation Edge rages on, hackers have increased their attempts to breach Israel, and while most of the attacks were unsuccessful, some hackers did succeed. The IDF blog and the IDF spokesman’s Twitter account were hacked by the Syrian Electronic Army (SEA). The SEA defaced the blog by posting a message opposing Israel’s alleged crimes against the Palestinians and Syria. On the IDF blog and Twitter, the SEA published a fake tweet claiming: “possible nuclear leak in Dimona, after 2 rockets would have hit the nuclear facility in Dimona.” It was revealed that the hackers used an APT (advanced persistent threat) attack and phishing emails to gain access to the account. Another popular website that was hacked was the Haaretz website. In response to these cyber-attacks, the Israeli hacker team Israel Elite Force is beginning its own response attack, called #OpIsraelRetaliate, taking place on July 17th. In an article published on pc.co.il, Professor Yitzhak Ben Yisrael claims that since the start of the Operation there has been an increase of 900% in cyber-attacks against Israel. Before the Operation began, there had been 100,000 a day, yet during the Operation the number has risen to over a million.

The Israeli cyber industry also reacted to the Operation, and a number of applications were created to deal with the situation. One application provides a red color alert system for iPhone, Android, and Chrome browsers so that, no matter where a person is, he/she can know whether a siren is going off in his/her region or in other places. Another app helps users find a bomb shelter, basement, or other shelter close by.

USA

Senior U.S. officials who participated in meetings with the Chinese last week stated that neither side raised the case of the hacking of the Office of Personnel Management. The Chinese, angered by the indictment in May of five members of the People’s Liberation Army on charges of cyber espionage, refused a request by the Americans to restart a joint cyber working group. China suspended the work of the group, which brought together American and Chinese negotiators to discuss cyber issues, and has complained that the National Security Agency documents made public by Edward Snowden showed the United States had used cyber espionage to gain economic advantage.

DoD bolstering cyber security resources within civilian and military networks

The DoD’s cyberwarriors are working to bolster cyber security resources within the civilian and military networks of individual countries that the Department of Defense defines as particularly susceptible to cyber-attacks. Acting Deputy Assistant Secretary of Defense for Cyber Policy, U.S. Army Maj. Gen. John Davis, said several international allied countries faced a “significant impact… [or] existing threats” of active cyber-attacks, particularly those in the Pacific, which are at risk of cyber-attacks from China and Russia. Additionally, General Davis said U.S. allies in the Middle East and Asia-Pacific regions were the primary focus of U.S.-led cyber defense efforts. The U.S. government has claimed those nations are responsible for offensive cyber operations against American allies, as well as attempted intrusions into U.S. networks. At the same time, DoD officials are working to improve NATO’s ability to respond to attacks against nations within the alliance. They are collaborating in a slew of cyber working groups to determine joint approaches and strategies to defend against attacks. NATO allies created a “Cyber Incident Response Center” meant to act as a reporting and coordination hub for cyber operations in the case of an attack against NATO or its members.

Africa

A recent report compiled by McAfee found that cyber-crime is having a significant economic impact on South Africa. It is costing the country over R5.8 billion each year, a situation believed to be getting continually worse. DDoS attacks are seen as a key concern by 66% of South African organizations. This is higher than the global average, which is 58%. The report also reveals that while the majority of South African organizations do have a DDoS defense plan in place, only 20% believe they have sufficient resources to counteract such an attack.

The 5th annual Kenya Internet Governance Forum, held at the beginning of July at Strathmore University, focused on cyber security issues. The theme of the forum was ‘Connecting Counties for Enhanced Multi-Stakeholder Internet Governance.’ The key points raised focused on the emerging legal concerns and challenges relating to cyber security. According to the Kenya Cyber Security Strategy released in February 2014, criminal organizations and hacktivists from all over the world are – and will continue to be – exploiting ICT vulnerabilities in Kenya as the country matures into an Information Society, adding that the country will face an increasingly evolving cyber threat landscape. Currently, Kenya ranks fifth in terms of hacking globally.

China & APAC

A new cyber security center has been launched at the University of New South Wales in Canberra. ACCS brings together the largest group of cyber security researchers in the country and will be located at UNSW Canberra at the Australian Defence Force Academy. The ACCS intends to be a unique, interdisciplinary cyber security research and teaching center. UNSW Canberra prides itself on bringing together leading edge research with practical real-world applications. “ACCS is a perfect example of how university research can support the business community and government,” says Rector of UNSW Canberra, Professor Michael Frater. ACCS draws on the skills of some of the best cyber security experts in the country, serving as experts in legal, policy, and technical domains. “UNSW applies this leadership through research; teaching; and engagement with the government, Defence, and business community,” says Director of ACCS, Professor Jill Slay.

North Korea expanding cyber power

In the last few years, North Korea has expanded its cyber power. Two years ago the cyber war unit of the Korean People’s Army had around 3,000 cyber soldiers and today has about 5,900. The country has doubled its cyber capability. The North Korean cyber unit seems to operate under the control of the General Bureau of Reconnaissance, which includes around 1,200 hackers. According to the Seoul-based Yonhap News Agency, the country has established new cyber bases in China and other countries. North Korea has already launched several cyber-attacks, including malware and viruses in emails, against South Korea, the United States, and Japan. North Korea is copying the Chinese cyber model by recruiting more and more hackers for its army. Despite its old infrastructure, North Korea is a significant cyber actor in the Asian region.

Europe

As part of its national cyber defense program, France has decided to create a specialized national cyber reserve unit. This new cyber reserve unit will include volunteers drawn from soldiers and analysts, teachers, students undertaking specialized masters in cyber-defense, and students in more general computer training. The national cyber reserve will provide specific cyber training for managing a cyber crisis. The goal of this unit is to help the different agencies in charge of the country’s systems and network security in case of cyber warfare or cyber conflict. The concept of a cyber reserve is not new; in fact, the UK and other countries have already experienced it. Since 2009, France has improved its cyber defense systems and recruited more engineers and cyber specialists to protect its cyber borders. Like the UK, France is trying to be one of the most advanced countries in Europe for cyber defense.

Norway has been under cyber-attack by Anonymous Norway, which targeted the financial sector. The hacktivists launched a series of attacks against different Norwegian financial institutions, including the Danske Bank, Norges Bank, Sparebank, and famous insurance companies. However, non-financial corporations have also been targeted, such as Telecom Company and three national airlines. According to the investigation performed by Evry’s security team, the hackers were located outside of Norway and exploited a vulnerability in the WordPress platform to carry out these attacks. However, they did not steal private information from users, the investigation reported; this is typical of hacktivists, who are not interested in stealing information but rather in creating publicity for their social or political cause. Evry’s security team added, “The scale is not the largest we have seen, but it is the first time it has hit so many central players in the finance sector in Norway.” Norway has great cyber defense capabilities, and its cyber defense force branch was established in 2012, with about 1,500 people located in 60 different locations. Moreover, Norway has different computer response teams to handle cyber threats. However, despite its national cyber security policy, Norway is still vulnerable to cyber-attacks and needs to improve and strengthen its cyber security to ensure better protection of its critical infrastructure.

NATO approves establishment of military Cyber-Polygon-Base

NATO Defense Forces recently approved the creation of the military Cyber-Polygon-Base in Estonia, which would include the most advanced cyber-laboratory. The major cyber polygon will be deployed in Tallinn, and the preparations have already begun. The polygon will be established on an already existing base, which was constructed in Estonia in 2012, where NATO Cyber Forces already conducted the “Cyber Coalition” and “Locked Shields” cyber exercises in 2013. It is likely that one of the main purposes of this joint deployment is protection against possible Russian aggression scenarios.

About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.